No website padlock? Google demands that your website is secure!
Since early 2017, if you have a website that doesn’t have the HTTPS protocol (i.e. a locked padlock symbol in the website address), then you and your website visitors may have noticed a security warning.
Initially this warning only appeared on any page that had a login in it. Now it appears on any non-HTTPS page in a website, as Google has a “long-term plan to mark all HTTP sites as non-secure.” That means a warning will show if your website address starts with http://www.yourdomainname.co.uk instead of https://.
Quite simply, it now wants all website visitors to feel ‘secure’, regardless of whether there’s a login on a site or not. That means M35 Web Design is advising all clients to go down the ‘secure’ route with their websites.
The ‘insecure’ warning was first implemented by the creators of the Firefox browser and then by Google. Basically it’s technology that encrypts your connection to a website, so hackers can’t intercept any of your data.
A green padlock indicates that a website is secure.
What does the warning look like?
In Chrome, there may be a ⓘ next to your website’s address and the words “Not secure”.
If you click on the symbol or words it will show more information…
The same goes for the Firefox browser, or there may be a broken padlock symbol, or a padlock with a red line through it. Sometimes a warning message will also pop up, which might also be generated by an anti virus program, saying something along the lines of, “Your connection is not secure.”
What is HTTPS?
Google says:
“HTTPS (Hypertext Transfer Protocol Secure) is an internet communication protocol that protects the integrity and confidentiality of data exchanged between the user’s computer and the site. Users expect a secure and private online experience when using a website. We encourage you to adopt HTTPS in order to protect your users’ connection to your website, regardless of the content on the site.”
This really translates as saying that HTTPS is a more secure way to show web pages than HTTP.
Does that mean I need a new website?
No. Although Google considers HTTP and HTTPS different websites, you shouldn’t need a new one. It’s common to change a website’s address from HTTP to HTTPS and update Google settings so that it takes the change into account.
Adding the letter ‘s’ may help you with your website’s search engine optimisation (SEO)
Google say that switching to https:// shouldn’t affect search engine rankings if done the right way and, indeed, may give you a boost in search results. In 2015 Gary Illyes, from Google, said that when two web pages are otherwise equal Google prefers HTTPS sites, which pushes the https://secure domain higher up its search results pages.
We say that if it your search engine ranking does drop at the time of the switch, then the long-term gains are going to be worth it. That’s because in the end what Google wants it gets, and it’s more likely to love you for it if you try to please it. Compare that to websites who don’t bother to heed Google’s advice.
If you and a competitor are battling it out for a top position in search engines, having https:// instead of http:// could be all it takes.
Okay, so how do I go down the secure route?
It’s not as simple as just getting an SSL certificate and away you go. A website also needs a capable hosting service to allow a site to go down the HTTPS route. Some web hosting companies offer an SSL certificate for free and others make an annual charge.
In addition, all non-secure pages have to be redirected to the secure version, the website’s XML sitemap (this is a ‘behind the scenes’ sitemap used by search engines) has to be redone and a lot more besides.
Ready to secure your website? Then contact M35 Web Design now